Skip to main content

Your submission was sent successfully! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates from Canonical and upcoming events where you can meet our team.Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

An error occurred while submitting your form. Please try again or file a bug report. Close

  1. Blog
  2. Article

Sarah Dickinson
on 26 April 2019

An introduction to AppArmor

apparmor Apps Security Snaps

Cyber attacks are becoming more sophisticated, attack frequency is on the rise, and the cost of cybercrime damage is projected to reach $6 trillion annually by 2021. Traditional defensive measures such as firewalls and intrusion detection systems that operate at the network perimeter are no longer enough to protect today’s distributed enterprise networks. Rather, a ‘defence in depth’ approach is required in order to protect all facets of an organisation’s digital infrastructure.

In an ideal world, applications would be free from security vulnerabilities but, once compromised, even a trusted application can become untrustworthy. AppArmor provides a crucial layer of security around applications. By providing the capability to whitelist an application’s permissible actions, AppArmor enables administrators to apply the principle of least privilege to applications. Once in place, AppArmor can halt attacks and minimise or prevent damage in the event of a breach.

This whitepaper provides a technical introduction to AppArmor, including:

  • Why a ‘defence in depth’ strategy should be employed to mitigate the potential damage caused by a breach
  • An explanation of AppArmor, its key features and why the principle of least privilege is recommended
  • The use of AppArmor in Ubuntu and snaps

In submitting this form, I confirm that I have read and agree to Canonical’s Privacy Notice and Privacy Policy.

Related posts

Carlos Bravo
28 August 2025

Ubuntu Pro Minimal 22.04 LTS with CIS hardening is now generally available on AWS

Canonical announcements Article

August 28, 2025 – We are excited to announce the general availability of Ubuntu Pro Minimal 22.04 LTS with CIS hardening, a new variant of Ubuntu designed for organizations that require tight security controls, minimal attack surface, and out-of-the-box compliance. This new offering combines the efficiency of Minimal Ubuntu with the enter ...

Nicholas Morris
26 August 2025

Generating allow-lists with DNS monitoring on LXD

DevOps Article

Allow-listing web traffic – blocking all web traffic that has not been pre-approved – is a common practice in highly sensitive environments. It is also a challenge for developers and system administrators working in those environments. In this blog, we’ll cover an easy way to mitigate this challenge by using LXD to generate allow-lists.  ...

Jehudi
22 August 2025

A complete security view for every Ubuntu LTS VM on Azure

Security Article

Azure’s Update Manager now provides a complete security view for all Ubuntu LTS VMs—18.04, 20.04, 22.04, and 24.04—by showing available updates from Ubuntu Pro’s Expanded Security Maintenance (ESM). This helps identify instances that would benefit from security patching for the Universe repository and continued updates for older LTS relea ...